CVE-2016-5573

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.

References

http://rhn.redhat.com/errata/RHSA-2016-2079.html

http://rhn.redhat.com/errata/RHSA-2016-2088.html

http://rhn.redhat.com/errata/RHSA-2016-2089.html

http://rhn.redhat.com/errata/RHSA-2016-2090.html

http://rhn.redhat.com/errata/RHSA-2016-2136.html

http://rhn.redhat.com/errata/RHSA-2016-2137.html

http://rhn.redhat.com/errata/RHSA-2016-2138.html

http://rhn.redhat.com/errata/RHSA-2016-2658.html

http://rhn.redhat.com/errata/RHSA-2016-2659.html

http://rhn.redhat.com/errata/RHSA-2017-0061.html

http://www.debian.org/security/2016/dsa-3707

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.securityfocus.com/bid/93628

http://www.securitytracker.com/id/1037040

http://www.ubuntu.com/usn/USN-3130-1

http://www.ubuntu.com/usn/USN-3154-1

https://access.redhat.com/errata/RHSA-2017:1216

https://security.gentoo.org/glsa/201611-04

https://security.gentoo.org/glsa/201701-43

https://security.netapp.com/advisory/ntap-20161019-0001/

Details

Source: MITRE

Published: 2016-10-25

Updated: 2020-09-08

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 1.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jdk:1.6.0:update_121:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update111:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update101:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update102:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_121:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update_111:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_101:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update_102:*:*:*:*:*:*

Tenable Plugins

View all (52 total)

IDNameProductFamilySeverity
127348NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0111)NessusNewStart CGSL Local Security Checks
critical
121660Photon OS 1.0: Openjdk PHSA-2016-0015NessusPhotonOS Local Security Checks
critical
119988SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3010-1)NessusSuSE Local Security Checks
critical
111849Photon OS 1.0: Openjdk / Openjre / Postgresql PHSA-2016-0015 (deprecated)NessusPhotonOS Local Security Checks
critical
101406Virtuozzo 7 : java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc (VZLSA-2017-0061)NessusVirtuozzo Local Security Checks
critical
100094RHEL 6 : java-1.7.1-ibm (RHSA-2017:1216)NessusRed Hat Local Security Checks
critical
99840EulerOS 2.0 SP1 : java-1.7.0-openjdk (EulerOS-SA-2016-1080)NessusHuawei Local Security Checks
critical
97051AIX Java Advisory : java_oct2016_advisory.asc (October 2016 CPU)NessusAIX Local Security Checks
critical
97025Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2017-795)NessusAmazon Linux Local Security Checks
critical
96640GLSA-201701-43 : IcedTea: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
96526Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20170113)NessusScientific Linux Local Security Checks
critical
96480RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2017:0061)NessusRed Hat Local Security Checks
critical
96476Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2017-0061)NessusOracle Linux Local Security Checks
critical
96457CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2017:0061)NessusCentOS Local Security Checks
critical
95750openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1444)NessusSuSE Local Security Checks
critical
95711SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:3078-1)NessusSuSE Local Security Checks
critical
95710SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:3068-1)NessusSuSE Local Security Checks
critical
95629Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-3154-1)NessusUbuntu Local Security Checks
critical
95623SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3043-1)NessusSuSE Local Security Checks
critical
95608SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:3041-1)NessusSuSE Local Security Checks
critical
95607SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3040-1)NessusSuSE Local Security Checks
critical
95549openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1389)NessusSuSE Local Security Checks
critical
95532openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-1380)NessusSuSE Local Security Checks
critical
95423SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:2953-1)NessusSuSE Local Security Checks
critical
95311openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-1357)NessusSuSE Local Security Checks
critical
95294SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2887-1)NessusSuSE Local Security Checks
critical
95023openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-1335)NessusSuSE Local Security Checks
critical
94977Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-771)NessusAmazon Linux Local Security Checks
critical
94954Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3130-1)NessusUbuntu Local Security Checks
critical
94740CentOS 5 / 6 / 7 : java-1.7.0-openjdk (CESA-2016:2658)NessusCentOS Local Security Checks
critical
94627Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x i386/x86_64 (20161107)NessusScientific Linux Local Security Checks
critical
94624RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2016:2659)NessusRed Hat Local Security Checks
critical
94623RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2016:2658)NessusRed Hat Local Security Checks
critical
94621Oracle Linux 5 / 6 / 7 : java-1.7.0-openjdk (ELSA-2016-2658)NessusOracle Linux Local Security Checks
critical
94613Debian DSA-3707-1 : openjdk-7 - security updateNessusDebian Local Security Checks
critical
94595GLSA-201611-04 : Oracle JRE/JDK: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
94587Debian DLA-704-1 : openjdk-7 security updateNessusDebian Local Security Checks
critical
9712Oracle Java SE 6 < Update 131 / 7 < Update 121 / 8 < Update 112 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
94510Ubuntu 16.04 LTS / 16.10 : openjdk-8 vulnerabilities (USN-3121-1)NessusUbuntu Local Security Checks
critical
94501RHEL 5 : java-1.7.0-ibm (RHSA-2016:2138)NessusRed Hat Local Security Checks
critical
94500RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:2137)NessusRed Hat Local Security Checks
critical
94499RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2016:2136)NessusRed Hat Local Security Checks
critical
94341Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-759)NessusAmazon Linux Local Security Checks
critical
94190RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2016:2090)NessusRed Hat Local Security Checks
critical
94189RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:2089)NessusRed Hat Local Security Checks
critical
94188RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:2088)NessusRed Hat Local Security Checks
critical
94151Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20161019)NessusScientific Linux Local Security Checks
critical
94150RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:2079)NessusRed Hat Local Security Checks
critical
94149Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-2079)NessusOracle Linux Local Security Checks
critical
94140CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2016:2079)NessusCentOS Local Security Checks
critical
94139Oracle Java SE Multiple Vulnerabilities (October 2016 CPU) (Unix)NessusMisc.
critical
94138Oracle Java SE Multiple Vulnerabilities (October 2016 CPU)NessusWindows
critical